From 4bd9abe7bb082a2c8dfcba521f510ef5584980d0 Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Wed, 17 Mar 2004 01:33:50 +0000
Subject: [PATCH] If you are running securelevel 2, and you do not sync the
 clock before switching to that securelevel, and the clock is off by more than
 128ms, ntpd will attempt to correct by stepping the clock instead of slewing
 it. So use -x in that case; from tholo

---
 src/etc/rc.local | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/etc/rc.local b/src/etc/rc.local
index 3abafe19..0e7ae7dc 100644
--- a/src/etc/rc.local
+++ b/src/etc/rc.local
@@ -1,4 +1,4 @@
-#	$OpenBSD: rc.local,v 1.33 2001/06/05 23:01:55 naddy Exp $
+#	$OpenBSD: rc.local,v 1.34 2004/03/17 01:33:50 deraadt Exp $
 
 # site-specific startup actions, daemons, and other things which
 # can be done AFTER your system goes into securemode.  For actions
@@ -19,7 +19,11 @@ fi
 
 if [ X"${ntpd}" == X"YES" -a -x /usr/local/sbin/ntpd \
     -a -e /etc/ntp.conf ]; then
-       echo -n ' ntpd';       /usr/local/sbin/ntpd -p /var/run/ntpd.pid
+	ntpd_flags="-p /var/run/ntpd.pid"
+	if [ $securelevel -ge 1 ]; then
+		ntpd_flags="${ntpdflags} -x"
+	fi
+	echo -n ' ntpd';       /usr/local/sbin/ntpd ${ntpd_flags}
 fi
 
 if [ -x /usr/local/sbin/cfsd ]; then